has a very broad set of capabilities as alternatives for investment. For a 
large company it might be typical that a base PKI investment might be $10M 
with $15M of alternatives. 

Figure 7 illustrates how the risk insurance investment intersects with the 
risk mitigation computer-based technology investment curve. Just as PKI has a 
broad range of alternatives, risk insurance will have corresponding broad 
range of policy options. Using the system elements of the present invention 
the institution is able to objectively compare the alternatives in risk 
computer-based technology and risk insurance. 

The present invention teaches how risk to the company's computer-based 
intellectual property can be expressed as dollars. Insurance and computer- 
based technologies are both investment categories in dollars. Comparisons of 
these investments versus risk in dollars show how the present invention 
provides a superior result in risk management. 

What is claimed is: 

1, A method for achieving a most favored risk management using a computer- 
based system comprising: 

a) Means of providing risk management insurance policy coverage of at 
least Breach of Computer Security of the "Computer-Based System" . 



b) Means of comparing investment costs of risk prevention computer- 
based technology with one or more risk insurance policies. 

A method of risk management that provides investment comparison of 
insurance and computer-based technology alternatives comprising: 

a) Means of expressing risks to Company assets in common currency. 

b) Means of expressing risk coverage of one or more computer-based 
technologies into common currency. 

A method of risk management that expresses risks to company assets in 
common currency comprising: 

a) Means of analyzing a Company ^s transactions and their corresponding 
effect on a Company's assets and expressing that risk in common 
currency. 

b) Means of determining the flow of a Company's computer-based 

' transactions and ranking them by risk expressed in common currency. 

A method of expressing risk coverage of one or more computer-based 
technologies into common currency comprising: 



